06-22-2012 03:46 AM - edited 03-07-2019 07:24 AM
Hello everyone,
Please assist me with configuring a working route between two subnets (172.28.0.0/16 and 192.168.0.0/24) on a Cisco Catalyst 2960-S.
Problem: The subnet 172.28.0.0/16 is on VLAN 40 and the clients on this subnet have to access a preconfigured device with an ip in 192.168.0.0/24 subnet. The configuration of this device cannot be changed.
I have an Cisco 2960-S Lan Base (c2960s-universalk9-tar.150-1.SE3) switch (http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_55_se/configuration/guide/swipstatrout.html) that I would like to use to solve this problem.
Is this possible and if so how can I do this?
Thank you and best regards,
Gasper
06-22-2012 04:36 AM
Hi,
take a look here:http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_55_se/configuration/guide/swipstatrout.html
Regards.
Alain.
Don't forget to rate helpful posts.
06-22-2012 04:40 AM
Gasper
The 2960 switch was originally a layer 2 switch and could not route between VLANs or between subnets. But Cisco added limited ability to route on the 2960 beginning with release 12.2(55)SE as indicated in the link that you reference. So I am guessing that you switch can do this.
As a first step go into config mode and enter the command ip routing. If the command is accepted and if it shows up in the output of show run, then we can be confident that your switch can be used to provide the connectivity between subnets.
I am assuming that the switch is already configured with the two VLANs, one VLAN for the 172.28 network and one VLAN for the 192.168.0 network, and appropriate ports assigned to each VLAN. If that is not the case then let us know and we can discuss that part.
Assuming that two VLANs exist perhaps as vlan 40 and vlan 50 and that the ip routing command was accepted, then the rest of the configuration is pretty simple. You will configure two VLAN interfaces and configure IP addresses on them. It might look something like this:
ip routing
interface vlan 40
ip address 172.28.0.1 255.255.0.0
interface vlan 50
ip address 192.168.0.0 255.255.255.0
This should be enough to allow the clients in network 172.28 to access the device in network 192.168.0. I do not believe that you would need to configure any static routes to establish that connectivity.
Give it a try and let us know how it works.
HTH
Rick
06-25-2012 11:53 PM
Hi Richard,
Thank you for your help. I actually tried this prior to posting here but I am still unable to ping from one subnet to another. I guess I am doing something wrong.
Yes, sdm prefer lanbase-routing and ip routing commands are accepted.
To further clarify:
I have a subnet 172.28.0.0/255.255.0.0 in a VLAN 40 with a gateway at 172.28.0.1. This Vlan is configured throughout my network infrastructure. This VLAN is also configured on the Cisco Catalyst 2960-S that I'm trying to use to configure the route between two subnets.
The subnet 192.168.0.0/255.255.255.0 is not deployed throughout my network as I have only one device that needs to be accessed from the 172.28.0.0/255.255.0.0 subnet. I also don't have a gateway configured for the 192.168.0.0/255.255.255.0 subnet.
Then what I did is I added VLAN 11 for this subnet on the previously mentioned Cisco Catalyst 2960-S:
Switch#conf t
Switch(config)# vlan 11
Switch(config)# name TEST
Then what I did is:
Switch#conf t
Switch(config)#ip routing
Switch(config)#
Switch(config)#int vlan 40
Switch(config-if)#ip add 172.28.254.254 255.255.0.0 <- I cannot assign 172.28.0.1 as this IP address is the gateway IP address of this subnet
Switch(config-if)#
Switch(config-if)#int vlan 11
Switch(config-if)#ip add 192.168.0.2 255.255.255.0 <- Here you wrote ip add 192.168.0.0 255.255.255.0, is this a typo or is this where I did the mistake?
If I configure a client in the 172.28.0.0/255.255.0.0 subnet (Vlan 40) I am able to ping 172.28.254.254.
Also if I configure a client in a 192.168.0.0/255.255.255.0 subnet (Vlan 40), I am able to ping 192.168.0.2.
But I am unable to ping 192.168.0.2 from the 172.28.0.0/255.255.0.0 subnet (Vlan 40).
So I am able to ping between VLANs (for example from VLAN 40 to VLAN 11), but only if the device that I am using is configured in the same subnet as the IP that I'm trying to ping.
I hope that my post makes any sense.
I really appreciate your help and I hope you will be able to further assist me with my issue.
Thank you and best regards,
Gasper
06-26-2012 01:14 AM
Hi,
did you try the ping between the vlans on the switch first ?
have you configured the default-gateway of the devices as the SVI IP address in the same subnet?
Have you tried the tests with the device firewall disabled ?
Regards.
Alain.
Don't forget to rate helpful posts.
06-26-2012 01:34 AM
Hi Alain,
did you try the ping between the vlans on the switch first ?
Yes and it worked.
have you configured the default-gateway of the devices as the SVI IP address in the same subnet?
I don't understand what you mean by that. Please advise how to do this properly?
I use a seperate management VLAN with a subnet 192.168.99.0/24 for device management. So I have only ip default-gateway 192.168.99.9 configured for the switch management on the Cisco Catalyst 2960-S.
Please note that the client devices configuration cannot be changed. I cannot change the gateway on the 172.28.0.0/16 nor on the 192.168.0.0/24 devices.
Have you tried the tests with the device firewall disabled ?
Yes, all client devices have firewall disabled.
Thank you and best regards,
Gasper
06-26-2012 01:50 AM
Hi,
Please note that the client devices configuration cannot be changed. I cannot change the gateway on the 172.28.0.0/16 nor on the 192.168.0.0/24 devices.
if you don't put 192.168.0.2 as the default-gateway on the 192.168.0.0/24 network then it won't work by using the svi.
Can you provide a diagram specifying where are the 192.168.0.0/24 devices and what is theyr Ip config for now as well as for the other subnet devices.
Regards.
Alain.
Don't forget to rate helpful posts.
06-26-2012 02:04 AM
if you don't put 192.168.0.2 as the default-gateway on the 192.168.0.0/24 network then it won't work by using the svi.
So should I have 192.168.0.2 configured as the default gateway on my client devices in the 192.168.0.0/24 network or on the switch using:
interface Vlan11
ip address 192.168.0.2 255.255.255.0
ip default-gateway 192.168.0.2 <- this somehow seems wrong
Also should i use ip route-cache?
Can you provide a diagram specifying where are the 192.168.0.0/24 devices and what is theyr Ip config for now as well as for the other subnet devices.
Diagram:
Cisco ASA:
- Cisco 3750G Stack:
- Cisco Catalyst 2960-S:
- Connected devices 172.28.0.0/16
- Conencted devices 192.168.0.0/24
192.168.0.0/24 device configuration:
IP: 192.168.0.X
Subnet: 255.255.255.0
Gateway: 192.168.0.1 <- non existing
DNS: 192.168.0.1 <- non existing
172.28.0.0/16 device configuration:
IP: 172.28.X.X
Subnet: 255.255.0.0
Gateway: 172.28.0.1 <- does exist
DNS: ISP public DNS <- working
Now if I understand correctly what I should do is:
Switch(config-if)#int vlan 11
Switch(config-if)#ip add 192.168.0.1 255.255.255.0
instead of:
Switch(config-if)#int vlan 11
Switch(config-if)#ip add 192.168.0.2 255.255.255.0
Is this correct?
Thank you and best regards,
Gasper
06-26-2012 02:26 AM
Hi,
yes if the default-gateway is 192.168.0.1 then iny vlan11 must have this IP and the same goes for the other vlan.
Regards.
Alain.
Don't forget to rate helpful posts.
06-26-2012 02:50 AM
yes if the default-gateway is 192.168.0.1 then iny vlan11 must have this IP and the same goes for the other vlan.
I don't see any problems configuring this for vlan 11, but vlan 40 already has an ip 172.28.0.1 for the gateway which is configured on asa. If I configure interface on the same ip in vlan 40, won't it conflict?
Thank you and best regards,
Gasper
06-26-2012 03:05 AM
Hi,
of course they will conflict but in this case no need for vlan 40 on the switch except if you want to connect to this IP for management as the ASA will do the routing but you must have a correct route on the asa.
Regards.
Alain.
Don't forget to rate helpful posts.
06-26-2012 04:14 AM
Ok, I hope I understood correctly what I have to do.
1. I've reconfigured interface vlan 11:
interface vlan 11
ip address 192.168.0.1 255.255.255.0
2. I've connected a device to vlan 11 with the settings:
ip: 192.168.0.138
sub: 255.255.255.0
gw: 192.168.0.1
3. I've connected a device to vlan 40 with the settings:
ip: 172.28.2.99
sub: 255.255.0.0
gw: 172.28.0.1
Then I tried:
a) Ping to 192.168.0.1 from switch. Result: OK
b) Ping to 172.28.0.1 from switch. Result: NOT OK
c) Ping from device 172.28.2.99 to 172.28.0.1. Result: OK
d) Ping from device 172.28.2.99 to 192.168.0.1. Result: NOT OK
e) Ping from device 172.28.2.99 to 192.168.0.138. Result: NOT OK
f) Ping from device 192.168.0.138 to 192.168.0.1. Result: OK
g) Ping from device 192.168.0.138 to 172.28.0.1. Result: NOT OK
h) Ping from device 192.168.0.138 to 172.28.2.99. Result: NOT OK
On the switch there are configured VLANs 1, 11, 40, 999 (management). And IPs set for vlan interfaces 11 (192.168.0.1) and 999 (192.168.99.28). I didn't set an IP for vlan inferface 40. Default gateway on the switch 192.168.99.9 (I also tried with 192.168.0.1 but there was no difference in results above).
I don't know what I'm doing wrong?
Best regards,
Gasper
06-26-2012 04:39 AM
Hi,
can you post a diagram as well as the config from switch and asa.
Regards.
Alain.
Don't forget to rate helpful posts.
06-26-2012 04:52 AM
When you entered the command "sdm prefer lanbase-routing" did you reload the switch stack after this ? Switch must be reloaded after entering this command .
06-26-2012 04:59 AM
When you entered the command "sdm prefer lanbase-routing" did you reload the switch stack after this?
Yes I did.
Best regards,
Gasper
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide